CVE-2008-4059

EPSS 2.16%
Veröffentlicht 24.09.2008 20:37:04
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 47

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox

Mozilla ≫ Firefox Version <= 2.0.0.17

Mozilla ≫ Firefox Version0.8

Mozilla ≫ Firefox Version0.9

Mozilla ≫ Firefox Version0.9 Updaterc

Mozilla ≫ Firefox Version0.9.1

Mozilla ≫ Firefox Version0.9.2

Mozilla ≫ Firefox Version0.9.3

Mozilla ≫ Firefox Version0.9_rc

Mozilla ≫ Firefox Version0.10

Mozilla ≫ Firefox Version0.10.1

Mozilla ≫ Firefox Version1.0

Mozilla ≫ Firefox Version1.0.1

Mozilla ≫ Firefox Version1.0.2

Mozilla ≫ Firefox Version1.0.3

Mozilla ≫ Firefox Version1.0.4

Mozilla ≫ Firefox Version1.0.5

Mozilla ≫ Firefox Version1.0.6

Mozilla ≫ Firefox Version1.0.6 Editionlinux

Mozilla ≫ Firefox Version1.0.7

Mozilla ≫ Firefox Version1.0.8

Mozilla ≫ Firefox Version1.5

Mozilla ≫ Firefox Version1.5 Updatebeta1

Mozilla ≫ Firefox Version1.5 Updatebeta2

Mozilla ≫ Firefox Version1.5.0.1

Mozilla ≫ Firefox Version1.5.0.2

Mozilla ≫ Firefox Version1.5.0.3

Mozilla ≫ Firefox Version1.5.0.4

Mozilla ≫ Firefox Version1.5.0.5

Mozilla ≫ Firefox Version1.5.0.6

Mozilla ≫ Firefox Version1.5.0.7

Mozilla ≫ Firefox Version1.5.0.8

Mozilla ≫ Firefox Version1.5.0.9

Mozilla ≫ Firefox Version1.5.0.10

Mozilla ≫ Firefox Version1.5.0.11

Mozilla ≫ Firefox Version1.5.0.12

Mozilla ≫ Firefox Version1.5.1

Mozilla ≫ Firefox Version1.5.2

Mozilla ≫ Firefox Version1.5.3

Mozilla ≫ Firefox Version1.5.4

Mozilla ≫ Firefox Version1.5.5

Mozilla ≫ Firefox Version1.5.6

Mozilla ≫ Firefox Version1.5.7

Mozilla ≫ Firefox Version1.5.8

Mozilla ≫ Firefox Version1.8

Mozilla ≫ Firefox Version2.0

Mozilla ≫ Firefox Version2.0 Updatebeta1

Mozilla ≫ Firefox Version2.0 Updaterc2

Mozilla ≫ Firefox Version2.0 Updaterc3

Mozilla ≫ Firefox Version2.0.0.1

Mozilla ≫ Firefox Version2.0.0.2

Mozilla ≫ Firefox Version2.0.0.3

Mozilla ≫ Firefox Version2.0.0.4

Mozilla ≫ Firefox Version2.0.0.5

Mozilla ≫ Firefox Version2.0.0.6

Mozilla ≫ Firefox Version2.0.0.7

Mozilla ≫ Firefox Version2.0.0.8

Mozilla ≫ Firefox Version2.0.0.9

Mozilla ≫ Firefox Version2.0.0.10

Mozilla ≫ Firefox Version2.0.0.11

Mozilla ≫ Firefox Version2.0.0.12

Mozilla ≫ Firefox Version2.0.0.13

Mozilla ≫ Firefox Version2.0.0.14

Mozilla ≫ Firefox Version2.0.0.15

Mozilla ≫ Firefox Version2.0.0.16

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.16%	0.837

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/33433

http://www.debian.org/security/2009/dsa-1697

http://secunia.com/advisories/33434

http://www.debian.org/security/2009/dsa-1696

http://secunia.com/advisories/34501

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

http://www.vupen.com/english/advisories/2009/0977

http://download.novell.com/Download?buildid=WZXONb-tqBw~

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

http://secunia.com/advisories/31984

http://secunia.com/advisories/31985

http://secunia.com/advisories/32010

http://secunia.com/advisories/32012

http://secunia.com/advisories/32042

http://secunia.com/advisories/32044

http://secunia.com/advisories/32082

http://secunia.com/advisories/32092

http://secunia.com/advisories/32144

http://secunia.com/advisories/32185

http://secunia.com/advisories/32196

http://secunia.com/advisories/32845

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123

http://www.debian.org/security/2008/dsa-1649

http://www.debian.org/security/2008/dsa-1669

http://www.mandriva.com/security/advisories?name=MDVSA-2008:205

http://www.mandriva.com/security/advisories?name=MDVSA-2008:206

http://www.redhat.com/support/errata/RHSA-2008-0882.html

http://www.redhat.com/support/errata/RHSA-2008-0908.html

http://www.ubuntu.com/usn/usn-645-1

http://www.ubuntu.com/usn/usn-645-2

http://www.vupen.com/english/advisories/2008/2661

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html

http://secunia.com/advisories/32007

http://secunia.com/advisories/32025

http://www.securityfocus.com/bid/31346

http://www.ubuntu.com/usn/usn-647-1

http://www.mozilla.org/security/announce/2008/mfsa2008-41.html

http://www.securitytracker.com/id?1020915

https://bugzilla.mozilla.org/show_bug.cgi?id=419848

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/45352

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9529

https://nvd.nist.gov/vuln/detail/CVE-2008-4059

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-4059

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-4059

EUVD